Reputation: 55643
What would be the best way to verify a user uploaded file?
After a file has been uploaded to the tmp folder, for example a pdf file, would php fileinfo mime check be enough to verify that the file is indeed a pdf file and is not infected?
How do you verify that a user uploaded file has no virus?
so that I could let users download it?
My scenario is this: A user uploads a pdf file, I then let another user read his pdf file.
Upvotes: 1
Views: 192
Answers (2)
Reputation: 944005
php fileinfo mime check be enough to verify that the file is indeed a pdf file and is not infected
No. It will tell you if it looks like a PDF file, but do no virus checking.
How do you verify that a user uploaded file has no virus?
With a virus scanner. There are plenty of commercial and non-commercial packages out there.
Upvotes: 3
Reputation: 91742
A mime check does not guarantee anything, to be reasonably sure that a file has no virus, you will have to pass it through a virus scanner, like for example clam on linux.
Upvotes: 0
Related Questions
- What is the most secure method for uploading a file?
- PHP file verification
- File upload validation in PHP
- How do I verify that files have been uploaded?
- PHP security. Check uploaded files are valid
- Have user validate file before saving to server
- Securing uploaded files in PHP
- Securing files uploaded to a server via PHP
- Secure File Upload and validating it
- Best way to validate an upload form?